Network engineers and sysadmins spend a lot of time debugging configurations. AI assistants are increasingly useful for that: paste a FortiGate policy, ask why traffic isn't matching, and get a useful answer in seconds. The problem is that every real config contains data you shouldn't expose to an external service.

ScrubForge is a Chrome extension that sits between your config file and the AI assistant. Paste the config in, get a sanitized version out — all processed locally in your browser, nothing uploaded anywhere.

Why Network Configs Are a Security Risk to Share

A configuration file is not just settings. It contains a detailed map of your infrastructure:

Real IP addresses: Internal subnets, management interfaces, next-hop gateways — together they reveal your addressing scheme and topology.
Shared secrets and keys: IPsec pre-shared keys, RADIUS shared secrets, SNMP community strings, and BGP authentication passwords appear in plaintext in most config exports.
Credentials and usernames: Local user accounts, enable passwords, API keys for cloud-managed devices — all commonly present in exported configs.
Hostnames and domain names: Internal naming conventions reveal how your organization names devices, sites, and services — useful reconnaissance data for an attacker.
ACL and route map targets: Which IP ranges are permitted, denied, or routed where — effectively a map of your network segmentation policy.
Why AI assistants specifically? Unlike a support forum where you might carefully redact before posting, AI conversations feel informal and fast. It's easy to paste a raw config without thinking. Most AI providers process prompts on cloud infrastructure — even if they don't log or store your prompts, the data transits their systems.

How ScrubForge Works

ScrubForge scans the pasted text for patterns that match known sensitive categories: IPv4 and IPv6 addresses, subnet masks, pre-shared keys, community strings, username-password pairs, and similar values. Each detected value is replaced with a consistent numbered placeholder.

The critical property is consistency: if the same IP address appears eight times in your config, all eight instances become the same token — [IP_1]. The AI reading the sanitized config sees the same logical relationships between objects. It can trace a routing decision, audit an ACL, or explain a policy — it just can't see that [IP_1] is actually your management interface.

All of this happens locally. The extension does not contact any external service. Your config text never leaves your browser tab.

How to Sanitize a Config with ScrubForge

  1. Install ScrubForge
    Install ScrubForge from the Chrome Web Store. Open the Extensions menu ( > Extensions > Manage extensions) and pin ScrubForge to your toolbar.
  2. Copy your config
    Open your config file in any text editor, SSH terminal, or web management interface. Select all the text and copy it to your clipboard.
  3. Open ScrubForge
    Click the ScrubForge icon in your browser toolbar. The extension panel opens immediately — no new tab, no redirect to an external site.
  4. Paste and sanitize
    Paste the config into the input area. ScrubForge processes the text locally and displays the sanitized version with sensitive values replaced by consistent placeholder tokens.
  5. Copy the sanitized output
    Copy the sanitized config and paste it into your AI assistant, support ticket, or forum post. Your real credentials and addresses stay on your machine.

Practical Example

Say you're debugging a static route issue on a FortiGate device. Your config snippet looks like this:

Original config — contains real data
    config router static
        edit 1
            set dst 10.48.0.0/16
            set gateway 192.168.100.1
            set device "wan1"
        next
        edit 2
            set dst 172.20.0.0/14
            set gateway 192.168.100.1
            set device "wan1"
        next
    end

After running it through ScrubForge, the output becomes:

Sanitized output — safe to share
    config router static
        edit 1
            set dst [SUBNET_1]
            set gateway [IP_1]
            set device "wan1"
        next
        edit 2
            set dst [SUBNET_2]
            set gateway [IP_1]
            set device "wan1"
        next
    end

Notice that the gateway [IP_1] is the same token in both entries — because it was the same address in both. The AI can see the structure clearly: two static routes sharing the same next-hop. You can ask "why would these routes not be preferred over the default?" and get a useful answer without revealing your actual subnet ranges.
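
The consistent-token replacement described under How ScrubForge Works, applied to the route snippet above as an added example. This is not ScrubForge's code: the regexes, the rule order and the function names are assumptions, and only IPv4 addresses and CIDR prefixes are covered.

```javascript
// Added example, not ScrubForge's implementation. Token names follow the
// page's sample output; regexes and function names are assumptions.
const OCTET = '(?:25[0-5]|2[0-4]\\d|1?\\d?\\d)';
const IPV4 = `${OCTET}(?:\\.${OCTET}){3}`;

// Order matters: CIDR prefixes are replaced before bare addresses,
// otherwise 10.48.0.0/16 would come out as [IP_1]/16.
const RULES = [
  { label: 'SUBNET', re: new RegExp(`(?<![\\d.])${IPV4}/(?:3[0-2]|[12]?\\d)(?!\\d)`, 'g') },
  { label: 'IP', re: new RegExp(`(?<![\\d.])${IPV4}(?!\\.?\\d)`, 'g') },
];

function sanitize(text) {
  const mapping = new Map(); // real value -> token; lives only in memory
  const counters = {};
  let out = text;
  for (const { label, re } of RULES) {
    out = out.replace(re, (value) => {
      if (!mapping.has(value)) {
        // First sighting: allocate the next number in this category.
        counters[label] = (counters[label] || 0) + 1;
        mapping.set(value, `[${label}_${counters[label]}]`);
      }
      return mapping.get(value); // repeats reuse the same token
    });
  }
  return { text: out, mapping };
}

// The static-route snippet from this page.
const SAMPLE = `config router static
    edit 1
        set dst 10.48.0.0/16
        set gateway 192.168.100.1
        set device "wan1"
    next
    edit 2
        set dst 172.20.0.0/14
        set gateway 192.168.100.1
        set device "wan1"
    next
end`;

console.log(sanitize(SAMPLE).text);
```

The returned `mapping` is the only link between tokens and real values, so discarding it makes the sanitized text irreversible on its own.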

When to Use ScrubForge

Asking AI assistants for configuration help: The most common scenario — pasting a policy, ACL, or routing table into ChatGPT or Claude to get a second opinion on why something isn't working.
Posting to vendor support forums: Cisco Community, FortiGate Forums, and similar spaces are publicly indexed. A raw config paste there is visible to anyone.
Sharing with external consultants or MSPs: When you need a contractor to review a config but aren't ready to share live credentials, sanitize first.
Internal documentation and wiki pages: Config examples in Confluence, Notion, or internal wikis often end up shared more widely than intended. Use sanitized examples in docs from the start.
Incident response and log sharing: When sharing log excerpts or config sections in a ticket or chat, sanitizing prevents accidental credential exposure in Slack or Teams channels.

Frequently Asked Questions

Does ScrubForge send my config to any server?

No. ScrubForge is a Chrome extension that runs entirely in your browser. The text you paste is processed locally on your machine. Nothing is transmitted to Wendygo Studio servers or any external service.

Does it work with Cisco IOS, FortiGate, and AWS configs?

ScrubForge is designed for infrastructure configuration files. It detects patterns common across vendor formats: IP addresses, subnet masks, pre-shared keys, SNMP community strings, and similar values. It works on plain text from any source you can copy from.

What if ScrubForge misses a sensitive value?

The sanitizer detects known patterns. For unusual or custom secret formats not matching standard patterns, review the sanitized output before sharing. ScrubForge reduces risk significantly but is not a guarantee of 100% coverage for every possible secret format.

Is ScrubForge free?

Yes. ScrubForge is free to install and use from the Chrome Web Store. No account or subscription required.

Can I recover the original values from the sanitized output?

The sanitized file alone cannot be reversed — ScrubForge does not upload or store a mapping anywhere. The correspondence between tokens and real values exists only in your original file and in the in-browser session. Keep your original config for reference.

ScrubForge is free to install. Paste your config, sanitize sensitive values locally, and share safely with AI assistants and support forums — no upload, no account required.